General
-
Target
CS2-Skinchanger.rar
-
Size
18.7MB
-
Sample
231010-qkaa2aff72
-
MD5
98a2a3c85982406b801ba0e884d9aa59
-
SHA1
d30a8c1763f89ccc23d114934276dcb2e993cc1a
-
SHA256
31f10989295fcc28da734b4a4b7bdb47aa8c10e90d031528cf0cea2197ee3028
-
SHA512
09bdda54c24169a07bf3e5f23acf40ff220ce85815da0ba876302088eb12bfcda84b1cccafcba62868d2c8e4b9a2f243c81a5d149690f0345f5f3ad2d91196bb
-
SSDEEP
393216:zVcHkD0n0ubiwdceiH1jJNAeXxjqpI8iGrCz/T/V68LFPQ9HODz4E6uhLkd:GHZ0uiwziVVNF9Lku/TDzauhId
Malware Config
Targets
-
-
Target
CS2-Skinchanger.exe
-
Size
18.9MB
-
MD5
ad847046e15c6690d1ef8f0550b1ff2d
-
SHA1
d6c27da703290fe77b14769bbd3f8182f7906cb7
-
SHA256
ce99aac658ac76a7621f749846381da5d5da53a9109c6d06396ee920e945ea8a
-
SHA512
c4a868d5c20277d53d48c485ab4ac3d68b819079a73ee6739c906f996fee032d96a5fac80e0091246642ed90e72c2bb4560417014be84055d3108a1588f6e0d7
-
SSDEEP
393216:JSd9QDx60EW+7/pWYkRv3Bd1eZW3WpReO5uHw:JqQNPEW+7/pWZ0D4xQ
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
night-cheat.url
-
Size
117B
-
MD5
a2781ccbe8792bc98b7258ccc007090d
-
SHA1
86a4d3751a2a9e1f79922c5e3784a6ad401ff51f
-
SHA256
aaf4e0ca82bb3f28282be419d9c7e9272aa34e6f260f2b8a51491f93d4084808
-
SHA512
7a171d46e5a202f9dfcac2e470143c91ad1543c924e45a05a39940684f0b7ff648eb20e0b2626bea300f842c688e7305838cf613b6ab19757d743cc3bef94772
Score6/10-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-